MBAM Architecture

From RiceFamily Wiki
Jump to: navigation, search

Overview

We are going to be setting up a "Stand-Alone" MBAM environment and using BigFix in place of Microsoft's SCCM to deploy the clients and gather status from endpoints.

Architecture

  • 2 Servers.
    • One Server will act as the DB server.
    • The second Server will act as the Application Server.
  • The servers have been requested.
    • SQL Server 2014 has been installed
    • SSL Certificates have been requested, received and installed on both servers.
      • Needed to generate the CSR for the DB server from IIS itself.
      • Using OpenSSL caused issues with differences in the Cert formats.
      • Simpler to just use IIS.
    • MBAM has been installed on both servers.
    • Configuration has been run on the DB server.
    • Configuration will not complete on the Application Server.
      • The problem seems to be with Reporting Services.
      • Need to review the documentation again.

Resources

Upgrade

Processes

Notes

MBAM Monitoring Web Service no longer available
https://technet.microsoft.com/en-us/library/dn645312.aspx
The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database.
I wonder if this means that all the MBAM Client machines need access to the MBAM Database server. If so it will require a new Firewall Rule be implemented for the VRF that the server is in.